git.cascardo.eti.br Git - cascardo/ipsilon.git/commit

author	Rob Crittenden <rcritten@redhat.com>
	Wed, 28 Oct 2015 20:29:57 +0000 (16:29 -0400)
committer	Patrick Uiterwijk <puiterwijk@redhat.com>
	Sat, 14 Nov 2015 00:09:50 +0000 (01:09 +0100)
commit	a8994fbcbe824b784c6ccefb1acc2cf8d268b90e
tree	6f2a842ba9f60de1593c7e3fc09926f73e2d62de	tree \| snapshot
parent	7ba361e006e7cc178132a103fc62403409689516	commit \| diff

Add support for IdP-initiated login

This uses the Redirect SSO endpoint and two new optional
arguments: SPIdentifier and RelayState.

SPIdentifier is the provider ID of the SP.
RelayState is where on the SP the user should be sent.

If the user is already authenticted then a SAMLResponse is generated
and the existing HTML page is generated and sent to the user including
this response and the value of RelayState (if any). This will then POST
to the SP and the user will be show the page on the SP.

If the user is not authenticated then they will be given the login page
after which they will be sent to the SP.

The link to the SP on the IdP Portal has changed to be and IdP-initiated
login. If a user bookmarks this link then they will always go to that
SP and be authenticated first, if needed.

https://fedorahosted.org/ipsilon/ticket/138

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: John Dennis <jdennis@redhat.com>

ipsilon/providers/saml2/auth.py		diff \| blob \| history
ipsilon/providers/saml2idp.py		diff \| blob \| history
templates/index.html		diff \| blob \| history